Misunderstanding in replies of API

Welcome to the Let's Encrypt Community :slightly_smiling_face:

I've been following this thread and want to make sure that I understand things clearly. Given that you can add TXT records for bvginenglish.com, I'm assuming that you control the DNS records/zone for bvginenglish.com. Is my assumption correct? If so, you should be able to update the DNS zone for bvginenglish.com to fix its records. Delegating the Let's Encrypt dns-01 challenges won't fix the fact that Google dig fails to look up the IP address (A record) for bvginenglish.com, which would make bvginenglish.com appear to be broken for almost anyone who visits the site. This will also cause the email and other aspects of bvginenglish.com to intermittently fail as well. As @JuergenAuer was mentioning, you cannot simply ignore this problem if you want bvginenglish.com to actually function. You don't need to control any servers outside of the bvginenglish.com DNS to fix this. You just need to fix the DNS records for bvginenglish.com.


From Google dig:


From MXToolBox:

1 Like

That's not the problem.

It's impossible to find an IP address of the name servers. So it's impossible to check the authoritative name servers to see if there is a TXT, CAA or A / AAAA record. But checking CAA is always required (HTTP and DNS validation), so that's a dead situation.

A name server without an IP address doesn't exist, and it's impossible to check such a name server.

And that's the reason unboundtest has a loop with the result of an internal timeout. Running my tool, the loop was visible (not in the output) - ns1 points to ns2, ns2 points to ns1, but there is no IP address.

  1. Nameserver - IP-Adresses
2 Likes
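The loop described in the post above (ns1 depends on ns2, ns2 depends on ns1, and no address anywhere), as an added example that is not part of the original thread: a small offline model showing why no resolver or validator can reach such name servers, and that a single glue address is enough to break the cycle. The zone names, the 192.0.2.x documentation addresses and the function names are constructed for illustration and are not the real records of the domain discussed here.

```python
# Constructed data, not the real zone from the thread.
# delegations: zone -> NS host names published by the parent zone.
# glue:        NS host name -> addresses the parent hands out with the delegation.
# a_records:   addresses that only the NS host's own zone servers can answer.
BROKEN = {
    "delegations": {
        "site.example": ["ns1.dns-a.example", "ns2.dns-b.example"],
        "dns-a.example": ["ns2.dns-b.example"],
        "dns-b.example": ["ns1.dns-a.example"],
    },
    "glue": {},
    "a_records": {"ns1.dns-a.example": ["192.0.2.1"],
                  "ns2.dns-b.example": ["192.0.2.2"]},
}
FIXED = {**BROKEN, "glue": {"ns1.dns-a.example": ["192.0.2.1"]}}


def enclosing_zone(host, delegations):
    """Longest delegated zone that the host name falls under, or None."""
    labels = host.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in delegations:
            return zone
    return None


def resolve_ns(host, data, in_progress=frozenset()):
    """Addresses for a name server, or [] if no path leads to an address."""
    if host in data["glue"]:
        return data["glue"][host]
    if host in in_progress:  # ns1 needs ns2 needs ns1: stop instead of looping
        return []
    zone = enclosing_zone(host, data["delegations"])
    if zone is None:
        return []
    # The host's A record can only be fetched from one of its zone's servers,
    # so at least one of those servers must itself have a reachable address.
    for ns in data["delegations"][zone]:
        if resolve_ns(ns, data, in_progress | {host}):
            return data["a_records"].get(host, [])
    return []


def reachable_servers(zone, data):
    """Name servers of `zone` that could actually be queried (CAA, TXT, A)."""
    return {ns: resolve_ns(ns, data) for ns in data["delegations"][zone]}


if __name__ == "__main__":
    print("broken:", reachable_servers("site.example", BROKEN))
    print("fixed: ", reachable_servers("site.example", FIXED))
```
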

You are absolutely correct, @JuergenAuer. :slightly_smiling_face:

I was just making a plea to ip75 to fix the DNS because by ignoring the actual problem that you've correctly identified, the website itself won't even function (failed A record lookup intermittently).

Here I'm assuming that the DNS issue you've identified is what's causing the A record lookup for bvginenglish.com to intermittently fail. Is that a correct assumption?

1 Like

1 Like

It's an intermittent failure. Try a few times.

About 1 out of 5 failures from my testing.

1 Like

Sorry, JuergenAuer, but you have a problem with understanding how DNS works and you have a problem with hearing other people.
The correct way to check the challenge is:

  1. request the NS records of the issued cert domain from the default DNS server
  2. directly request the TXT record _acme-challenge.example.com from the DNS server retrieved in the 1st step

because of

not only I am faced with this problem, judging by the Google search.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.